Data security in Microsoft Dynamics GP part 2
GP Databases Security
Find here some information about the Microsoft Dynamics GP database security model. This security model is divided into these sections:
- Password Security
- Directory Account Database Access
- DynGrp Database Role
- SQL Server Fixed database roles beginning with ‘rpt_’
Each user is created in the Dynamics GP application to apply the security model. Microsoft Dynamics GP encrypts the password during the user creation process before it is passed to Microsoft SQL Server.The user login is denied if he tries to access SQL Server from outside the Dynamics GP application. The password will not match.
Also, Microsoft Dynamics GP does not allow to change the user password to blank or unencrypted.
Directory Accounts database access
When you logging into Dynamics GP using a Windows directory account, a trusted SQL login account will be made to access the database. The SQL Login account is created and managed using Dynamics Utilities.
This account is assigned to the DYNGRP database role in all GP databases. Never give a direct access to the GP databases to do not bypass the GP Security model.
DYNGRP database role
Use the DYNGRP database role to give access to objects like tables, stored procedures and views. It eliminates the process to assign permissions (SELECT, UPDATE, INSERT, DELETE, EXECUTE) to the database objects.
Follow these rules to reduce the risk to give access to unauthorized users:
- All the users should inherit their permissions from the DYNGRP group
- Only Microsoft Dynamics GP users should be members of this role
- If users are included in this role, they may have access to GP date via other applications
- The administrator should create new database roles with permissions for only the objects that individual users need access to
SQL Server fixed database roles beginning with “rpt_”
A SQL Server Fixed Database role for each of the default SQL Server Reporting Services reports, data connections, and Microsoft Excel® reports is created during the installation of Microsoft Dynamics GP.
- begins with “rpt_”
- contains SELECT access to the Microsoft Dynamics GP data for the data connection or report that the role corresponds to
- Users should be added as members to the SQL Server roles that correspond to the reports or data connections that they need access to